Back to the Basics: How do you define Privileged Access?

August 7th, 2018

Countless organizations are growing more and more concerned about the ever-evolving threat landscape of cyber-attacks, as they watch large well-known enterprise organizations falling victim to cyber-crime. Every year billions of records are stolen, identity theft increases, more credentials are abused and financial fraud is now extending into billions of dollars.

Senior executives are more involved in cyber security than ever before. In fact, in today’s hyper-connected world cyber security is on top of everyone’s mind. While executives and CISOs continue trying to reduce the risk of these threats, compliance requirements are increasing and the costs involved in helping their organizations stay protected and continue seamless operations are going up. Relying on technology alone is no longer enough to defend against cyber-crime. The defense must now involve people, and therefore needs to be less complex and quick to value.

Traditional security alone is no longer enough

Unfortunately, traditional cyber security is no longer sustainable. It is too complex, often too difficult to manage and as a result, too costly—both in time and money. Therefore, organizations will have little choice but to accelerate the move to simpler solutions that remove complex management demands on IT staff while at the same time building in more secure, seamless integrations.

Previous experiences with legacy Privileged Account Management solution vendors may have been very scary: the solution may have been complicated, required expensive experts, been very costly, taken years to implement or never been fully installed.

Thycotic has made Privileged Access Management your friendly PAM solution. It’s simple and easy to use, can be easily learned by your own professionals, provides value for money, is fast to implement and provides a satisfying experience.

But First, Back to The Basics

Now, the problem for many organizations is where to start. How do you easily adopt a privileged access solution into your organization that will lead you to success and maturity? Thycotic has developed a selection of resources to help educate you and get you started immediately without any cost.

Organizations that are just getting started with protecting and securing privileged access need to identify which privileged accounts should be targeted, and ensure that those who will be using those privileged accounts are clear on acceptable use and their responsibilities.

Start by defining what ‘privileged access’ means in your organization

Before implementing a privileged access management strategy you must identify what a privileged account is for your organization. It’s different for every company so it is crucial you map out what important business functions rely on data, systems and access.

A useful approach is to simply re-use your disaster recovery plan, which typically classifies important systems that need to be recovered first, and then identify the privileged accounts for those systems. Classifying or categorizing privileged accounts at this stage is good practice, as it helps identify your privileged accounts’ importance to the business and will make future decisions easier when it comes to applying security controls.

So what does privileged access mean in your organization? It could mean access to infrastructure, sensitive data, configuring systems, deploying patches, scanning for vulnerabilities, cloud environments and a lot more. To achieve a solid definition I recommend you perform a Data Impact Assessment, because this is exactly what most privileged accounts are protecting and used for—to access sensitive data or enable access to sensitive data.

Once you have conducted a Data Impact Assessment to classify your data you’ll know what information is most important to your business.

Next, audit and confirm who should have access rights to view and manage this sensitive data.

Privileged accounts are everywhere…yet for most people they are invisible

Privileged accounts are everywhere in the IT environment. They are the glue that connects vast information networks. Yet for most people they are invisible.

Privileged accounts can be human or non-human. Some privileged accounts are associated with individuals such as business users or network administrators, while others are application accounts used to run services and are not associated with a person’s unique identity.

Once you have performed a Data Impact Assessment the next step to maturity is to follow the Thycotic Privileged Access Lifecycle. This will get you moving quickly on the path to protecting and securing privileged access. You can learn more about the Privileged Access Management Lifecycle in Thycotic’s free PAM for Dummies Digital Book.

Like any IT security measure designed to help protect critical information assets, managing and protecting privileged account access requires both a plan and an ongoing program. You must identify which privileged accounts should be a priority in your organization, and ensure that those who are using these privileged accounts understand acceptable use and their responsibilities. This report briefly describes a PAM lifecycle model which provides a high-level road map that global organizations can use to establish their own Privileged Access Management program.

Here are the steps of the PAM Lifecycle:

Define

Define and classify privileged accounts. Every organization is different, so you need to map out what important business functions rely on data, systems, and access. As I mentioned earlier, you could reuse your disaster recovery plan as that typically classifies important systems and specifies which need to be recovered first. Make sure you align your privileged accounts to your business risk and operations.

Develop IT security policies that explicitly cover privileged accounts. Many organizations still lack acceptable use policies and defined responsibilities for privileged accounts. Treat privileged accounts separately by clearly defining a privileged account and detailing acceptable use policies. Gain a working understanding of who has privileged account access, and when those accounts are used.

Limit IT admin access to systems. Develop a least-privilege policy so that privileges are only granted when required and approved. Enforce least privilege on endpoints by keeping end-users configured to a standard user profile and automatically elevating their privileges to run only approved and trusted applications. For IT administrator privileged account users, you should control access and implement super user privilege management for Windows and UNIX systems to prevent attackers from running malicious applications, remote access tools, and commands. Least-privilege and application control solutions enable seamless elevation of approved, trusted, and whitelisted applications while minimizing the risk of running unauthorized applications.

Monitor

Monitor and record sessions for privileged account activity. Your PAM solution should be able to monitor and record privileged account activity. This will help enforce proper behavior and avoid mistakes by employees and other IT users because they know their activities are being monitored. If a breach does occur, monitoring privileged account use also helps digital forensics identify the root cause and identify critical controls that can be improved to reduce your risk of future cybersecurity threats.

Detect abnormal usage

Track and alert on user behavior. With up to 80% of breaches involving a compromised user or privileged account, gaining insights into privileged account access and user behavior is a top priority. Ensuring visibility into the access and activity of your privileged accounts in real time will help spot suspected account compromise and potential user abuse. Behavioral analytics focuses on key data points to establish individual user baselines, including user activity, password access, similar user behavior, and time of access to identify and alert on unusual or abnormal activity.
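The per-user baseline idea described above, as an added example (not Thycotic's code or product logic): it builds a baseline of access hours and accessed secrets from a constructed history and flags events that deviate from it. The event format, account and secret names, and the one-hour tolerance are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (ISO timestamp, user, secret accessed).
HISTORY = [
    ("2018-07-02T09:14:00", "alice", "sql-prod-sa"),
    ("2018-07-03T10:02:00", "alice", "sql-prod-sa"),
    ("2018-07-04T14:40:00", "alice", "web-root"),
    ("2018-07-05T16:21:00", "alice", "sql-prod-sa"),
    ("2018-07-02T22:05:00", "bob", "backup-svc"),
    ("2018-07-03T23:10:00", "bob", "backup-svc"),
    ("2018-07-04T22:47:00", "bob", "backup-svc"),
]

def build_baseline(events):
    """Per-user baseline: hours of day seen and secrets previously accessed."""
    baseline = defaultdict(lambda: {"hours": set(), "secrets": set()})
    for ts, user, secret in events:
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
        baseline[user]["secrets"].add(secret)
    return baseline

def hour_is_usual(hour, usual_hours, tolerance=1):
    """True if hour is within `tolerance` of a baseline hour (wraps at midnight)."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= tolerance
               for h in usual_hours)

def check_event(baseline, event):
    """Return the list of reasons an event deviates from the user's baseline."""
    ts, user, secret = event
    if user not in baseline:
        return ["no baseline for user"]
    reasons = []
    if not hour_is_usual(datetime.fromisoformat(ts).hour, baseline[user]["hours"]):
        reasons.append("unusual time of access")
    if secret not in baseline[user]["secrets"]:
        reasons.append("first access to this secret")
    return reasons

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    # Constructed new events to score against the baseline.
    for ev in [("2018-07-06T11:30:00", "alice", "sql-prod-sa"),
               ("2018-07-07T03:12:00", "alice", "domain-admin"),
               ("2018-07-07T00:05:00", "bob", "backup-svc")]:
        print(ev, "->", check_event(baseline, ev) or "ok")
```

Bob's access just after midnight is not flagged because his baseline hours wrap around the day boundary; a fixed "business hours" rule would have raised a false alert for that night-shift account.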

Respond to incidents

Prepare an incident response plan in case a privileged account is compromised. When an account is breached, simply changing privileged account passwords or disabling the privileged account is not acceptable. An outside attacker who has compromised an account can install malware and even create their own privileged accounts. If a domain administrator account gets compromised, for example, you should assume that your entire Active Directory, so the attacker cannot easily return.

Review and audit

Audit and analyze privileged account activity. Continuously observing how privileged accounts are being used through audits and reports will help identify unusual behaviors that may indicate a breach or misuse. These automated reports also help track the cause of security incidents, as well as demonstrate compliance with policies and regulations. Auditing of privileged accounts will also give you cybersecurity metrics that provide executives with vital information to make more informed business decisions.

Bottom Line: The key to improving cyber security around Privileged Access Management stems from an understanding and implementation of a PAM lifecycle approach. Only a comprehensive solution can ensure that your “keys to the kingdom” are properly protected from hackers and malicious insider threats, and that your access controls meet the regulatory requirements for compliance mandates in your industry.

Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.